First attempt at provisioning.

1 files changed, 28 insertions, 0 deletions

diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml
new file mode 100644
index 000000000..0013f5289
--- /dev/null
+++ b/roles/openshift_master/tasks/bootstrap.yml
@@ -0,0 +1,28 @@
+---
+
+- name: ensure the node-bootstrap service account exists
+  oc_serviceaccount:
+    name: node-bootstrapper
+    namespace: openshift-infra
+    state: present
+  run_once: true
+
+- name: grant node-bootstrapper the correct permissions to bootstrap
+  oc_adm_policy_user:
+    namespace: openshift-infra
+    user: system:serviceaccount:openshift-infra:node-bootstrapper
+    resource_kind: cluster-role
+    resource_name: system:node-bootstrapper
+    state: present
+  run_once: true
+
+# TODO: create a module for this command.
+# oc_serviceaccounts_kubeconfig
+- name: create service account kubeconfig with csr rights
+  command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
+  register: kubeconfig_out
+
+- name: put service account kubeconfig into a file on disk for bootstrap
+  copy:
+    content: "{{ kubeconfig_out.stdout }}"
+    dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"